ASForrest

VPN vs RDP

15 posts in this topic

Hi all, I'm currently working with the IT department at a new factory to set up our control network. We want to set up remote access, so that I can be in another city and get online with the PLC's over the internet. Initially there was talk of using VPN, but now it looks like being RDP (Remote Desktop Protocol). This is my first real foray into this side of things (in fact this whole job has involved a great many first forays), and I'm after some advice, tips, pointers, pitfalls, whatever you can phrase in reasonably small words and throw at me :) What I need to do is pretty simple - use Logix5000 to go online with the PLC's via the internet so I can troubleshoot or make small changes remotely. Does a VPN or RDP protocol pose any major problems with this? Particularly with regard to activations? If I can avoid it, I'd prefer not to have to have a Logix5000 license on a PC there as that hasn't been factored in to the costs. Is VPN or RDP better for this application? If anyone knows of a good website or PDF that can give me a primer on how either or both of these work, and how I actually go about doing all this that would be great. The IT guy is throwing a lot of big words and acronyms at me and I'm not feeling quite so smart as usual .. <- ME <- IT Guy

As both options are low-cost you could implement both - then you can let us know which is best. RDP, as far as I am aware, would need the software activated at the factory end. VPN, depending on the implementation, can be relatively easy to not so easy to set up.

Well, from my point of view they're very easy to set up as the IT guy is doing it. So RDP means I need Logix5000 installed and activated on a local machine, and then I remotely control that machine - is that right?

From the viewpoint of someone that has to work with 100+ PLCs every day, the VPN solution is far better than RDP. RDP is a slow pig and it's frustrating to deal with. With VPN the software is loaded on the programmer / tech's laptop and the programs are available offline without ever making a connection to the RDP. It's also on the laptop for when a field trip is necessary. I rarely have to use RDP for accessing ClearSCADA. When I do, it's unpleasant. Do the tech a favor and put the software in his laptop. Don't put it in a server where some Curious George type can get access to the brains of your control system.
1 person likes this

+1 on this. A VPN is most important through the warranty period, as you are not in complete control with the RDP approach.
1 person likes this

Excellent, thanks guys. So does anyone know of a good website or PDF where I can get a "setting up and using a VPN 101"? As I said, the IT guy will set it all up, but I'd like to know more or less how it all works so I'm not just a rat pulling a lever ;)

Also, the IT guy just asked me "what type of VPN do I need?". To which I replied "uh...." A quick search of other forums seems to throw up Cisco VPN's fairly regularly - is this a good way to go?

Both RDP and VPN have their own advantages, however, with high security, better performance and manageability, VPN seems to be a clear winner in the competition of Remote Desktop VS VPN service. Here are different advantages and disadvantages to VPN and RDP connections: VPN is typically the easiest to troubleshoot as problems have a higher probability of being isolated. RDP is typically easier to use with higher bandwidth connections, but problems are usually harder to diagnose. VPN offers an additional level of security, as data traveling to the private network is encrypted before it hits the Internet, and decrypted once it reaches the private network. This additional level of security may be a plus for most, but this type of connection suffers from slower speeds than a non-encrypted method. Source: http://www.purevpn.com

My company uses VPN, CISCO at that. I don't use it much seeing as I'm on site 99% of the time. My company employs 1250+ people and has 3 manufacturing plants (2 in UK, 1 in USA). My IT department did the complete setup so I have no knowledge of the internal workings. All I do is open up the software, think it's called "CISCO Iron port" when I'm remote, click connect, and I have all the features that I do if I was on the company LAN. If you want exact software details let me know and I'll check tomorrow.
1 person likes this

Great, that's the sort of thing I wanted to hear. It looks like we're getting a Cisco VPN set up, the latest iteration appears to be "AnyConnect Secure Mobility VPN", so presumably it'll be that. Thanks!

I've mentioned in another thread my experience with our IT upgrades. We have a corporate VPN system (Cisco) that's a slow dog on fast broadband connections and offers us access to limited PLCs in the plant. We've had better luck with leaving our company laptops plugged in and powered on and using LogMeIn to access the PC from off site. It's worked much better for us in our situation. Our IT folks gave this arrangement their blessing before we paid for the software.

VPN uses OPC on your local machine and tunnels through the internet all communication between your machine to the private network then to the PLC processor. All programming software stays on your machine, therefore the internet connection better be good or you risk the chance that you will drop out in the middle of a download. For programming industrial boiler control systems this was unacceptable for me. Remote Desktop uses OPC locally on a machine to connect to the PLC processor and stays connected if you have an internet connection issue and drop out, therefore you simply reconnect and continue where you left off because locally it stays connected. This gives you the option to call someone on the phone and walk them through it if need be. For this I recommend Real VNC because it allows the local user to watch what you are doing and take over. Windows RDP logs off the local session. This is what I ended up with and have had good success. Understanding both issues, why not VPN and use it to RDP if you need to? The University of Chicago uses Cisco and has both provided for me to log in when the utilities plant needs something. I like the ability to drop HMI updates in to the machines with VPN and then using RDP to reboot the machines.

Some good points. It looks like we'll be going with the VPN option though, because I just told them how much a Logix 5000 license is

I have many PLCs connected with VPN in US and Canada. I strongly suggest eWon Cosy 141 for all beginners. It's easy to use; you set up a VPN in less than 10 steps. This VPN device has a DF1 to Ethernet I/P built in; the serial port could be used for many other protocols as well. This is very useful to connect a drive with no Ethernet connection to the VPN. This VPN uses an outgoing connection so there is no firewall issue. http://www.ewon.biz/en/ewon-cosy-141.html?ewp=33

Well we've got the VPN up and working and it's ridiculously easy. Well, my part of it anyway ;) I've ended up using ShrewSoft client software, had no issues so far. Thanks for all the advice!
